Category: Applying OAuth 2.0
-
Adding additional security measures – Digital Transformation with IBM API Connect
The last few sections provided a comprehensive overview of APIC’s OOTB security features to secure APIs. But by no means are these the only security features that you can use. You can build almost any security mechanism using a combination of user-defined policies and GatewayScript policy. You can further secure your services using Transport Layer…
-
Testing OAuth flow – Digital Transformation with IBM API Connect
Like other OAuth configuration steps, testing the OAuth flow is also a multi-step process. This is due to the nature of multiple interactions between all the parties involved in OAuth processing. Apart from the complexity of the multiple parties, OAuth flow also changes based on the configured grant type in the OAuth provider. You will…
-
Creating a client – Digital Transformation with IBM API Connect
As previously stated, the client (typically an application) interacts with the resource (API) on the resource owner’s (typically the end user) behalf. From the earlier example, the client is the application developed/owned by the healthcare provider. The resource is the service, exposed by the medical lab, that fetches the resource owner’s lab results from the…
-
Applying OAuth 2.0 – Digital Transformation with IBM API Connect
In this section, you will learn about the specifics of OAuth, and later you will learn about OIDC (another similar security standard). Because of similarities between OAuth and OIDC, it might be helpful to know at a high level what is what. It is important to know that while OIDC deals with authentication, OAuth deals…
-
Protecting APIs with Basic authentication and Client ID (API key) – Digital Transformation with IBM API Connect
In this section, you will begin developing APIs that use the security features you have just set up. Using Basic authentication with an API key is among the easiest methods of applying authentication security to an API. This method of applying API key security (client ID and client secret) to an API was covered in…
-
Technical requirements – Digital Transformation with IBM API Connect
Unlike Chapter 4, API Creation, and Chapter 5, Modernizing SOAP Services, which utilized local development tools such as API Designer and Local Test Environment (LTE), this chapter will require you to have access to an existing APIC cloud implementation. This APIC cloud access can be provided by your company’s APIC cloud administrator. The exercises in…